From b6a5ba21a130110c47d9dc43b3d6662051ba22b5 Mon Sep 17 00:00:00 2001 From: Christian Duerr Date: Thu, 3 Jan 2019 21:18:26 +0100 Subject: [PATCH] Limit number of URL schemes This limits the number of allowed schemes for the URL launcher, to reduce the number of false-positives. The accepted URL schemes are now: - http - https - mailto - news - file - git - ssh - ftp This fixes #1727. --- CHANGELOG.md | 1 + src/term/mod.rs | 9 ++++++++- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 30d3a483..6735d83d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -19,6 +19,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Windows configuration location has been moved from %USERPROFILE%\alacritty.yml to %APPDATA%\alacritty\alacritty.yml - Windows default shell is now PowerShell instead of cmd +- URL schemes have been limited to http, https, mailto, news, file, git, ssh and ftp ### Fixed diff --git a/src/term/mod.rs b/src/term/mod.rs index c699adc9..dcde62c8 100644 --- a/src/term/mod.rs +++ b/src/term/mod.rs @@ -41,6 +41,7 @@ use self::cell::LineLength; // See https://tools.ietf.org/html/rfc3987#page-13 const URL_SEPARATOR_CHARS: [char; 10] = ['<', '>', '"', ' ', '{', '}', '|', '\\', '^', '`']; const URL_DENY_END_CHARS: [char; 7] = ['.', ',', ';', ':', '?', '!', '/']; +const URL_SCHEMES: [&str; 8] = ["http", "https", "mailto", "news", "file", "git", "ssh", "ftp"]; /// A type that can expand a given point to a region /// @@ -148,7 +149,13 @@ impl Search for Term { // Check if string is valid url match Url::parse(&buf) { - Ok(_) => Some(buf), + Ok(url) => { + if URL_SCHEMES.contains(&url.scheme()) { + Some(buf) + } else { + None + } + } Err(_) => None, } }
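Review bot: `URL_SCHEMES` in the first src/term/mod.rs hunk has no comment, and it acts as more than a false-positive filter: going by the commit message, whatever passes it is handed to the URL launcher, and the text being scanned is whatever a program or remote host printed to the terminal. `file`, `git` and `ssh` are presumably dispatched to whichever local handler is registered for them, so each entry widens what untrusted output can ask the desktop to open. I would add a doc comment such as `/// Schemes the URL launcher will act on; terminal contents are untrusted, so every entry must be safe to pass to the system handler.` and reconsider whether `file`, `git` and `ssh` belong in the default set.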
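Review bot: The new `Ok(url)` arm in the second src/term/mod.rs hunk can be folded into a match guard, which keeps the match flat and makes rejection the fall-through case: `Ok(ref url) if URL_SCHEMES.contains(&url.scheme()) => Some(buf),` followed by `_ => None,`. The comparison is exact, which should be fine because `Url::parse` lower-cases the scheme, but a short comment saying so would keep a later edit from loosening it. The patch adds no test, so a case asserting that a well-formed URL with a scheme outside the list yields `None` would pin the allowlist. The enclosing method starts outside the hunk.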